The CIA built a fake software update system to spy on intel partners

Anyone relying on the CIA for tech support got a nasty surprise this morning, as documents published by Wikileaks revealed a secret project to siphon out data through its technical liaison service, dating back to 2009.

The program, called ExpressLane, is designed to be deployed alongside a biometric collection system that the CIA provides to partner agencies. In theory, those partners are agreeing to provide the CIA with access to specific biometric data — but on the off-chance those partners are holding out on them, ExpressLane gives the agency a way to take it without anyone knowing.

ExpressLane masquerades as a software update, delivered in-person by CIA technicians — but the documents make clear that the program itself will remain unchanged. Instead, the program siphons the system’s data to a thumb drive, where agents can examine it to see if there’s anything the partner system is holding back. If the partners refuse the phony update, there’s a hidden kill-switch that lets agents shut down the entire system after a set period of time, requiring an in-person visit to restore the system.

It’s still unclear who exactly those intel partners are. WikiLeaks claims the program was primarily used against US agencies like the FBI and Department of Homeland Security, although the targets are far less clear from the documents themselves. Since the CIA doesn’t maintain any significant biometric database on its own, it’s also unclear what the agency would do with any data obtained in this manner.

Still, it’s a striking example of the CIA using tech support as a way of gaining access to sensitive information — and as WikiLeaks continues to release the agency’s hacking tools as part of the Vault 7 campaign, it’s a reminder of how sophisticated the agency’s digital spycraft really is.